Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python310Packages.pyopenssl: mark broken on aarch64-darwin #172397

Merged
merged 1 commit into from
May 10, 2022
Merged

python310Packages.pyopenssl: mark broken on aarch64-darwin #172397

merged 1 commit into from
May 10, 2022

Conversation

SuperSandro2000
Copy link
Member

@SuperSandro2000 SuperSandro2000 commented May 10, 2022
edited
Loading

Description of changes

Closes #172117

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@SuperSandro2000 SuperSandro2000 mentioned this pull request May 10, 2022
Closed
13 tasks
Mindavi
Mindavi approved these changes May 10, 2022
View reviewed changes
Copy link
Contributor

@Mindavi Mindavi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems sensible since it seems it cannot be fixed without upstream work.

@ofborg ofborg bot added 6.topic: darwin Running or building packages on Darwin 10.rebuild-darwin: 0 10.rebuild-linux: 0 labels May 10, 2022
@SuperSandro2000 SuperSandro2000 merged commit 4cabec0 into NixOS:master May 10, 2022
@SuperSandro2000 SuperSandro2000 deleted the pyopenssl branch May 10, 2022 23:42
@bobrik
Copy link
Contributor

bobrik commented May 11, 2022

I don't think this is a good solution. You don't have to use callbacks in pyopenssl.

Marking pyopenssl as broken locks out a ton of packages on aarch64-darwin that were working perfectly fine. 1703 were removed in the latest evaluation:

@SuperSandro2000
Copy link
Member Author

You don't have to use callbacks in pyopenssl.

There is no reasonable way we can figure out which packages uses callbacks and which not and this could change with every update. Keeping maintainers busy with marking downstream packages broken which happen to use callbacks is also not a great solution or maintainable. Since I am the maintainer I'd rather mark pyopenssl broken on aarch64-darwin because it is not fully working or has proper upstream support. If we find a good solution I am more than happy to add a workaround but I don't have the darwin knowledge or time to find one especially if most likely code changes are required.

were working perfectly fine.

I am not fully sure on this one. It could also be that we ignored problematic tests on darwin in other packages which actually where caused by pyopenssl.

1703 were removed in the latest evaluation:

762 of them are duplicates between python39 and python310, so only 941 got removed.

@bobrik
Copy link
Contributor

bobrik commented May 11, 2022

There are plenty of packages with bugs that do not prevent them from being useful. GCC is not marked as broken.

I have a package that I've been using without any issues and now it's not available due to pyopenssl being marked as broken.

@Mindavi
Copy link
Contributor

Mindavi commented May 11, 2022

@bobrik one direction to look in is to stub out the callbacks with assertions, making it very clear that it's related to that issue when it fails. Such a patchset will require maintenance though, so it's not ideal. Maybe upstream will even accept something like that? Would be useful to be able to backtrack easily instead of having weird crashes.

@SuperSandro2000
Copy link
Member Author

SuperSandro2000 commented May 11, 2022
edited
Loading

Yeah, I am no longer willing to invest time to debug this exact issue in downstream package tests.

@avanov
Copy link

avanov commented May 15, 2022

This led to ansible being unavailable in all available Python package sets on Apple M1.

minimal added a commit to minimal/dotfiles that referenced this pull request May 18, 2022
@minimal
nix: latest nixpkgs
03dfe7e 
pyopenssl has been marked broken on aarch64 which httpie uses so switch
to x86 in overlay.

NixOS/nixpkgs#172397

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d59dd43e49f24b58fe8d5ded38cbdf00c3da4dc2' (2022-05-06)
  → 'github:NixOS/nixpkgs/ff691ed9ba21528c1b4e034f36a04027e4522c58' (2022-05-16)
• Updated input 'home-manager':
    'github:nix-community/home-manager/538343be863cb0b9e9f1471e6dc09e0e140c7b3d' (2022-05-06)
  → 'github:nix-community/home-manager/32a7da69dc53c9eb5ad0675eb7fdc58f7fe35272' (2022-05-13)
Sciencentistguy added a commit to Sciencentistguy/nixfiles that referenced this pull request May 20, 2022
@Sciencentistguy
Unbreak pyopenssl
aab8e2c 
See: NixOS/nixpkgs#172397, pyca/pyopenssl#87
This is (imo) better than just marking it broken and not letting aarch64-darwin use nix
@kwohlfahrt kwohlfahrt mentioned this pull request May 20, 2022
Merged
13 tasks
@kwohlfahrt
Copy link
Contributor

At least ansible(cc @avanov) is fixed by #173809, I suspect many other packages will be as well.

ELD added a commit to ELD/nix-system that referenced this pull request May 21, 2022
@ELD
Patch python and neovim deps
2eb9691 
`pyopenssl` is broken on Apple Silicon and [this PR marks it as
broken](NixOS/nixpkgs#172397) (which I think is
a little overzealous).
[This other pending PR fixes the issue](NixOS/nixpkgs#173809)
by making `trustme` an optional dependency for `aiohttp`. While the PR
is pending, I've added an overlay to accomplish the same thing — and
mark `pyopenssl` as _not_ broken, for now.

Additionally, Neovim broke in recent versions of home-manager, for some
reason. There's a workaround available [here](nix-community/home-manager#2966 (comment))
and the home-manager maintainers worked quickly to merge a fix in.

This unblocks updating all flake dependencies and gets the system config
back into working order.
ELD added a commit to ELD/nix-system that referenced this pull request May 21, 2022
@ELD
Update Flake Inputs (#34)
20a9227 
* flake.lock: Update

Flake lock file updates:

• Updated input 'darwin':
    'github:kclejeune/nix-darwin/fff582f3244f31e7455d0c5d93f2e3aa7554da90' (2022-04-20)
  → 'github:kclejeune/nix-darwin/c9c32574428a3182dcb2bd24ef6c73c974c368ae' (2022-05-20)
• Updated input 'devshell':
    'github:numtide/devshell/d97df53b5ddaa1cfbea7cddbd207eb2634304733' (2022-04-25)
  → 'github:numtide/devshell/a5327cd01e58d2848c73062f2661278ad615748f' (2022-05-19)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11)
  → 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17)
• Updated input 'home-manager':
    'github:nix-community/home-manager/778af87a981eb2bfa3566dff8c3fb510856329ef' (2022-04-26)
  → 'github:nix-community/home-manager/02b15de8ad714409358cffdc6ed518ade03402c4' (2022-05-19)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/6b4ebea9093c997c5f275c820e679108de4871ab' (2022-04-21)
  → 'github:nixos/nixos-hardware/be2b338c6a05b9e46a811119e3c5bca98a118467' (2022-05-20)
• Updated input 'nixos-unstable':
    'github:nixos/nixpkgs/e10da1c7f542515b609f8dfbcf788f3d85b14936' (2022-04-26)
  → 'github:nixos/nixpkgs/48037fd90426e44e4bf03e6479e88a11453b9b66' (2022-05-18)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d146577610c17d7674a2d3e285fc637c520ad344' (2022-04-27)
  → 'github:nixos/nixpkgs/52dc75a4fee3fdbcb792cb6fba009876b912bfe0' (2022-05-18)
• Updated input 'stable':
    'github:nixos/nixpkgs/a3917caedfead19f853aa5769de4c3ea4e4db584' (2022-04-26)
  → 'github:nixos/nixpkgs/685d243d971c4f9655c981036b9c7bafdb728a0d' (2022-05-19)

* Patch python and neovim deps

`pyopenssl` is broken on Apple Silicon and [this PR marks it as
broken](NixOS/nixpkgs#172397) (which I think is
a little overzealous).
[This other pending PR fixes the issue](NixOS/nixpkgs#173809)
by making `trustme` an optional dependency for `aiohttp`. While the PR
is pending, I've added an overlay to accomplish the same thing — and
mark `pyopenssl` as _not_ broken, for now.

Additionally, Neovim broke in recent versions of home-manager, for some
reason. There's a workaround available [here](nix-community/home-manager#2966 (comment))
and the home-manager maintainers worked quickly to merge a fix in.

This unblocks updating all flake dependencies and gets the system config
back into working order.

Co-authored-by: flakebot <flakebot@users.noreply.github.com>
@reckenrode reckenrode mentioned this pull request May 25, 2022
Closed
@veehaitch veehaitch mentioned this pull request May 29, 2022
Merged
@andrew-d andrew-d mentioned this pull request Jul 2, 2022
Closed
13 tasks
azuwis added a commit to azuwis/nixpkgs that referenced this pull request Jul 4, 2022
@azuwis
google-auth: Remove pyopenssl on aarch64-darwin
77cae84 
pyopenssl is broken on aarch64-darwin NixOS#172397

It's in `extras_require` (optional), and only needed if mTLS feature is
enabled (disabled by default) googleapis/google-auth-library-python#697
@azuwis azuwis mentioned this pull request Jul 4, 2022
Closed
13 tasks
azuwis added a commit to azuwis/nixpkgs that referenced this pull request Jul 4, 2022
@azuwis
google-auth: Remove pyopenssl
de839d3 
Pyopenssl is in `extras_require` (optional), and only needed if mTLS feature is
enabled (disabled by default) googleapis/google-auth-library-python#697

This will also make google-auth available on aarch64-darwin since
pyopenssl is broken NixOS#172397
SuperSandro2000 pushed a commit to SuperSandro2000/nixpkgs that referenced this pull request Jul 4, 2022
@azuwis @SuperSandro2000
python310Packages.google-auth: remove pyopenssl
669577c 
Pyopenssl is in `extras_require` (optional), and only needed if mTLS feature is
enabled (disabled by default) googleapis/google-auth-library-python#697

This will also make google-auth available on aarch64-darwin since
pyopenssl is broken NixOS#172397
This was referenced Jul 4, 2022
Merged
Merged
@soulomoon soulomoon mentioned this pull request Jul 6, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mindavi Mindavi Mindavi approved these changes

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

Assignees
No one assigned
Labels
6.topic: darwin Running or building packages on Darwin 6.topic: python 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@SuperSandro2000 @bobrik @Mindavi @avanov @kwohlfahrt